Committee
Consult the user guide
For assistance, please contact us
Consult the user guide
For assistance, please contact us
Add search criteria
Results: 1 - 60 of 139
View Steven Guilbeault Profile
Lib. (QC)
Thank you, Mr. Chair.
Mr. Chair, members of the committee, good morning.
I would first like to acknowledge that I am joining you from Montreal, on the traditional territory of the Mohawk and other Haudenosaunee peoples.
Thank you for inviting me to speak to you today. With me, as you said, are Joëlle Montminy, senior assistant deputy minister, cultural affairs, and Pierre-Marc Perreault, acting director, digital citizen initiative.
Like you and many other Canadians, I am concerned by the disturbing rise and spread of hateful, violent and exploitive content online and on social media.
As a legislator and father of four children, I find some of the content of these platforms to be profoundly inhuman.
I am also deeply troubled by the consequences and the echoes of that content in the real world.
The overall benefits of the digital economy and social media are without question. In fact, I published a book, shortly before I took up politics, wherein I talked about the benefits of the digital economy, of artificial intelligence in particular, but also about some unintended negative consequences.
In Canada, more than 9 out of 10 adults use at least one online platform, and since the beginning of the pandemic, online platforms have played an even more important role in our lives.
We use social media platforms like Facebook, Twitter, Instagram and YouTube to stay connected to our families, friends and colleagues. We use them to work, to conduct business, to reach new markets and audiences, to make our voices and opinions heard, and to engage in necessary and vital democratic debate. However, we have also seen how social media can have negative and very harmful impacts.
On a daily basis, there are Internet users who share damaging content, either to spread hate speech, the sexual exploitation of children, terrorist propaganda, or words meant to incite violence.
This content has led and contributed to violent outbursts such as the attack on the Islamic Cultural Centre in Quebec City in 2017, and similar attacks in Christchurch, New Zealand, in 2019.
Canadians and people all over the world have watched these events and others unfold on the news with shock and fear. We all understand the connections between these events and hateful, harmful online discourse. We worry about our own safety and security online. We worry about what our children and our loved ones will be exposed to.
According to a recent poll by the Canadian Race Relations Foundation, an overwhelming 93% of Canadians believe that online hate and racism are a problem, and at least 60% believe that the government has an obligation to prevent the spread of hateful and racist content online.
In addition, the poll revealed that racialized groups in Canada are more than three times more likely to experience racism online than non-racialized Canadians.
Since the beginning of the COVID‑19 pandemic, we have seen a rise in anti-Asian hate speech on the Internet and a steady increase in anti-Semitic rhetoric, further fuelled by recent events.
A June 2020 study by the Institute for Strategic Dialogue found that Canadians use more than 6,600 online services, pages and accounts hosted on various social media platforms to convey ideologies tinged with white supremacism, misogyny or extremism. This type of content wreaks havoc and destroys lives. It is intimidating and undermines constructive exchange. In doing so, it prevents us from having a true democratic debate and undermines free speech.
The facts speak for themselves. We must act, and we must act now. We believe that every person has the right to express themselves and participate in Internet exchanges to the fullest extent possible, without fear and without intimidation or concern for their safety. We believe that the Internet should be an inclusive place where we can safely express ourselves.
Our government is therefore committed to taking concrete steps to address harmful content online, particularly if the content advocates child sexual exploitation, terrorism, violence, hate speech, and non-consensual sharing of intimate images.
In fact, this is one of the priorities outlined in the mandate letter given to me by Prime Minister Justin Trudeau. So we have begun the process to develop legislation that will address the concerns of Canadians.
Over the past few months my office and I have engaged with over 140 stakeholders from both civil society organizations and the digital technology sector regarding this issue. This has included seven round-table discussions. We also spoke with indigenous groups, racialized Canadians, elected provincial officials, municipal officials and our international partners to assess our options and begin to develop a proposed approach.
In addition, given the global nature of the problem, I have hosted a virtual meeting with my counterparts from Australia, Finland, France and Germany—who were part of the multi-stakeholder working group on diversity of content online—to discuss the importance of a healthy digital ecosystem and how to work collectively.
I am also working closely with my colleagues the ministers of Justice, Public Safety, Women and Gender Equality,Diversity and Inclusion and Youthas well asInnovation, Science and Industry to find the best possible solution.
Our collaborative work aims to ensure that Canada's approach is focused on protecting Canadians and continued respect for their rights, including freedom of opinion and expression under the Charter of Rights and Freedoms. The goal is to develop a proposal that establishes an appropriate balance between protecting speech and preventing harm.
Let me be clear. Our objective is not to reduce freedom of expression but to increase it for all users, and to ensure that no voices are being suppressed because of harmful content.
We want to build a society where radicalization, hatred, and violence have no place, where everyone is free to express themselves, where exchanges are not divisive, but an opportunity to connect, understand, and help each other. We are continuing our work and hope to act as quickly and effectively as possible. I sincerely hope that I can count on the committee's support and move forward to build a more transparent, accountable and equitable digital world.
I thank you for your attention and will be happy to answer any questions you may have.
View Charlie Angus Profile
NDP (ON)
Rose Kalemba contacted our committee and asked us to fight for her. At age 14, she was kidnapped, brutally tortured and sexually assaulted, and her videos were posted on Pornhub, downloaded and promoted.
In your view—and I just have to be blunt here because we've talked about some really difficult stuff at our committee so I hope you don't find me being too blunt—would you believe that the posting of those videos represents criminal acts?
View Steven Guilbeault Profile
Lib. (QC)
As you are well aware, they are criminal acts according to the Canadian Criminal Code, yes.
View Charlie Angus Profile
NDP (ON)
Good, because it has sections 162, 163 and 164, and yet those laws are not being applied.
I need to know why we need a regulator to oversee something that's already under the Criminal Code. The promotion of these videos, according to law, is a criminal act, so why don't we just apply the law?
View Steven Guilbeault Profile
Lib. (QC)
As I said earlier, the challenge that we in Canada, and countries all around the world, are facing is that the tools that we have to deal with these issues in the physical world just aren't adapted to the virtual world. This is why Australia created a new regulatory body to deal with that, and it is why a number of countries either have created or are in the process of creating new regulations, new regulators, or both, to deal with this. It's because the tools we have just aren't adaptable.
View Charlie Angus Profile
NDP (ON)
Are you saying we simply don't need to use the Criminal Code? What surprises me is that internal documents from the RCMP's December 12 briefing note on Pornhub pointed out that your office is going to be taking the lead.
According to those documents, they are not going after Pornhub, so did cabinet tell the RCMP to stand down while you developed this regulator? Why is it that the RCMP are under the impression that you're the lead on this, and that the Canadian laws that exist are not going to be applied?
View Steven Guilbeault Profile
Lib. (QC)
I respectfully disagree with the premise of your question. As I stated earlier, the legislation will address five categories of online harms, which are already criminal according to Canadian law, and which are already criminal activities under the Canadian Criminal Code.
View Charlie Angus Profile
NDP (ON)
I get that. I guess my concern is that you haven't actually come up with legislation. You don't know when this regulator's going to appear, and the RCMP internal notes say your office is taking the lead.
We have survivors who suffered serious crimes and abuse. We have the Criminal Code. I'm wanting to know why your government is saying that it will be the regulator that handles that, as opposed to telling the RCMP and the justice minister to do their job.
View Steven Guilbeault Profile
Lib. (QC)
I think you're misunderstanding what we're trying to do.
There are many reasons we need to create a regulator. One—
View Charlie Angus Profile
NDP (ON)
I don't have a problem with the regulator. What I have a problem with is the fact that we actually have criminal laws in place, and it seems that the RCMP has decided that Pornhub doesn't have to actually follow the law—there's voluntary compliance; your Attorney General says he's not even sure if they're a Montreal company; you're telling us there's going to be some kind of regulator, but you don't have one....
I just have to be honest. Having the minister of culture and communications handle a file about horrific sexual assault videos to me is like asking the minister of transportation to look after human trafficking.
Why is it that the laws of the land are just not being applied? You can go and get a regulator, but why are the laws not being applied?
View Steven Guilbeault Profile
Lib. (QC)
Your analogy would be correct if I were the only one doing this. I'm not.
As I stated in my remarks initially, I am working with the Minister of Public Safety, with the Minister of Justice and with a number of other colleagues. This is a whole-of-government approach. It's not—
View Charlie Angus Profile
NDP (ON)
I know, and they say you're the lead on this. They defer to you.
View Charlie Angus Profile
NDP (ON)
We don't have a regulator. We don't have any action. Again, what do I tell the survivors who are being told, sorry, not much is going to happen but maybe a regulator, and maybe there will be a new CRTC for porn? How long are they going to have to wait before they actually see something?
View Steven Guilbeault Profile
Lib. (QC)
This was in my mandate letter when I was nominated as the Minister of Canadian Heritage. We started right away, despite the most important pandemic we've seen in the last 100 years, doing public consultations, doing the work. Some people may like—
View Steven Guilbeault Profile
Lib. (QC)
I have not personally, but the department and people on my team have, so yes, we have, but it's not something that can be solved overnight. It's a complex issue. As we're seeing all around the world, countries are struggling with this.
Charles DeBarber
View Charles DeBarber Profile
Charles DeBarber
2021-06-07 12:03
Hello. Good afternoon. My name is Charles DeBarber and I'm a senior privacy analyst with Phoenix Advocates and Consultants. My background is U.S. Army cyber-intelligence and cybersecurity.
I began my work with victims of non-consensual pornography, or NCP, in 2015, when I worked for the elite firm Fortalice. As the program manager for open source intelligence, I assisted victims of NCP through our reputation services. Since departing Fortalice in 2018, I have done freelance work on behalf of victims of revenge porn, extortion schemes and cyberstalking, and on purging content for victims of human trafficking. I've written bespoke information guides for clients to help protect their digital privacy and to reduce the chances of their being a target of successful doxing.
My background gives me deep insight into the sources of content on the Internet, and today I want to share with you guys some knowledge about the surface web, deep web and dark web. In addition, I'd like to share some research about the sources of adult NCP on these three layers.
As a disclaimer, I want to be clear that my data regarding NCP is limited in a few ways. First, my data is limited to the 90-plus cases that I've undertaken since 2019. You'll see these are sourced as “PAC Research 2016 to 2021”. I recognize there's a selection bias to that data due to it being from only our casework. Second, much of my information on NCP involving children is largely anecdotal, as I've never produced statistics on it. In addition, the bulk of my work has been with adult victims. Third, I am discussing the concepts of surface web, deep web and dark web and how they relate to the volumes and types of NCP often found on them. This is not to paint any of these layers as good or bad. The dark web has an especially heinous reputation, but remember that there are people who use the dark web to subvert censorship or express their free speech in countries where freedom of speech is very limited.
You'll see in the handout the beautiful iceberg graph that is commonly used to explain the three layers. You have surface web, deep web and dark web. We'll start with the surface web.
The surface web is basically the Internet content indexed by search engines themselves and things you can directly jump to from search engines. It's aggregated web content that can be found with web crawlers, also known as spider bots or spiders. Make note of that, because it is very important for one of the points I'll make later. The surface web is the minority of online content, around 4% to 5%.
What's the deep web? That's the majority of the web, more than 90% of it. It's Internet content that's not part of the surface web and is not indexed in search engines. It's mostly content that is not readily accessible through standard means, such as search engines. As I said, it's the majority of content on the Internet.
Then there's the dark web. It's part of the deep web, but what makes it different is that you have to use encryption software and special software to access it—things like Tor Browser or Freenet or Freegate. It's also used interchangeably with dark net. It can be called both.
NCP comes in many forms. Some of the key forms for adult victims include revenge porn, non-consensual surveillance, human trafficking and data or device breaches. We have the following statistics from our casework. The majority of adult NCP, 73.5% of our cases, was found on the surface web. We believe that the reason for this is that adult NCP pornography easily blends in with amateur pornography. The ease of use and popularity of video- and image-sharing sites on the surface web is the main cause of this.
On top of that, the deep web accounts for about 23.2%. These are often private forums for pirated content, BitTorrent sites, and VoIP and messaging apps like Discord communities. The more compartmented nature of the deep web leads to a lower volume of content that is also less viral.
The dark web accounts for little of our content. Content there, in our experience, includes things that we consider highly illegal, things you would find only on the dark web because they are highly illegal. This could be things like hidden bathroom cam footage, extremely violent content, child pornography and bestiality. NCP blends in with amateur pornography and is readily available on upper layers. There's no reason to go to the dark web for it. Only a minority of Internet users have enough expertise and knowledge of the dark web to use it anyway. The even more compartmentalized nature of the dark web just keeps people off it. This results in more extreme and illegal content being relegated to the dark web.
In our casework, only about 3.3% is dark web content.
There are a few observations I would like to share with the committee. I've removed over 100,000 pieces of NCP content in the last five years. My average client has between 400 to 1,200 pieces of content, and that could be the same picture, video or handful of pictures, but it's shared on many different sites. Viral content itself can be upwards of 6,000 pieces of content and above. Very rarely do I utilize the NCP removal processes created by search engines such as Google or Bing or social media like Facebook, Twitter or Reddit.
I normally use the copyright removal process here in the United States, known as the Digital Millennium Copyright Act. The NCP process often is more complicated and takes longer for victims who have to follow it for every piece of content. Imagine, if you have 400 pieces of content out there, that might be 400 different applications you have to put out. These companies, frankly, respect intellectual property more than victims, because the copyright process is so much easier.
The removal process is costly in both time and resources. I utilize automation, which is not cheap. For a client with more than 400 pieces of content, it would usually cost $2,000 for automated removal and $5,000 for bespoke removal services, and that just mitigates the problem. Victims using it manually require a certain level of understanding of information systems, search engines and web caching, and that is if the victim can find most of the content without using automated aggregators. My junior analysts, some of them with information systems and computer science backgrounds, take up to a month of hands-on work to learn how to effectively purge content. The average victim is expected to have this expertise if they cannot afford professional services. The tools for victims to effectively mitigate their digital footprint of content aren’t readily available.
Great strides have been made to get Silicon Valley to recognize the issue, and I don’t wish to demean those efforts or that recognition. Laws in my home country are now in 48 states and two territories to protect victims of NCP. However, picking up the pieces after NCP floods surface web sites is still an uphill battle. We’ve worked tirelessly so clients can google their name without NCP coming up. One of our clients lives in fear of her 10-year-old using the computer and googling her name. Others have lost job opportunities, housing opportunities and relationships. Many of our clients have contemplated or attempted suicide.
Finally, video upload sites that allow pornography, such as Pornhub or Xvideos, have exacerbated the problem. This is one of the big points I want to make. Content goes viral a lot faster with these sites, and these sites use what is called search engine optimization to flood Google with their content. Even if the content is deleted within 72 hours, it often takes days, frankly, for a victim to even find out that they're a victim. Smaller video upload sites then aggregate this material from search engines and repost it, making this a feedback loop that keeps feeding the search engines and makes it a viral issue.
The issue has become so significant that when a victim’s name is posted in a video title that they're aggregated in and it's then used in search engine keywords for porn sites that don't even have their content, it just becomes a random keyword—their name—and God forbid you have a unique name. Imagine googling your name, and hundreds of porn sites coming up because your name is a keyword empowered by SEO techniques.
We need to find a balance between verification and privacy. That's very easy for me to say, but sites having a reasonable policy for age verification is required. I compliment Pornhub in adopting a verified content policy in late 2020. I'm very angry [Technical difficulty—Editor] and I badly want them held accountable for that, but I want to make sure it's also not so cumbersome that sex workers who are free agents can't operate without reasonable privacy.
Search engines—and this is a key one, and I would recommend you put this forward, or at least encourage them to change their policies—shouldn't allow indexing from adult video image upload sites that do not come from verified accounts. This means that, with verified accounts, the spiders can be turned on so that they can feed into Google, Bing and so on. However, spiders should be turned off on any website where any Joe Schmo can come and upload content, whether it be videos or images. They should be turned off on that content until it is verified. That keeps it from hitting search engines in 72 hours.
Remember, with all NCP, you're really fighting time, and that keeps it from going viral a lot more quickly, quite frankly. It makes the clean-up process significantly better, and it can mitigate it. Furthermore, it would probably protect the intellectual property of other sex workers. As I said, Pornhub and other major tube sites have more or less put NCP into the express lane via SEO techniques.
Finally, the doxing of victims and sex workers is a very serious issue. Despite many of my clients being Jane Does, I can't get Google to delist web pages that post the real names of victims. I wish there was a policy that allowed the delisting of the real names of Jane Does, of sex workers, that exist on sites such as the defunct Porn Wikileaks, which were very dangerous for them and were made for doxing victims.
I'm very open to questions you may have and appreciate your welcoming me today. I'm honoured to be here.
Thank you.
View Shannon Stubbs Profile
CPC (AB)
View Shannon Stubbs Profile
2021-06-07 12:35
I think this is probably what's mind-boggling to many of us on this committee and probably many Canadians listening. A colleague said to me recently that, somehow, organizations like ag societies and school fundraisers and Legions are put through mountains of paperwork and administration to, say, play certain songs or use certain visual material. Then there are also online sites, say, that sell cannabis or alcohol, or host gambling, and in those two cases the country seems fairly effective at having a set of laws and bylaws and policies and regulations for these organizations [Technical difficulty—Editor] seem to manage to enforce and crack down on all of that being done illegally.
View Shannon Stubbs Profile
CPC (AB)
View Shannon Stubbs Profile
2021-06-07 12:36
I would just give you the opportunity to expand on any other specific recommendations in terms of both the enforcement and protections to combat the proliferation of child sexual abuse material and other illegal content, while also maintaining free expression, privacy and the right of individuals to have ownership and choice over their own images.
Melissa Lukings
View Melissa Lukings Profile
Melissa Lukings
2021-06-07 12:37
Thank you.
Privacy is very important, and it's also a safety issue in a lot of these situations. I can't provide any specific solutions. I'm not [Technical difficulty—Editor]. I definitely recommend asking Dr. Lashkari about that.
In terms of law, we need to remember the foundations of law, so what is the Privacy Act based on? What are the rights and freedoms that Canadians hold as important? Our rights to freedom of expression, freedom of association and all these things need to be considered when we're implementing new technology and new standards for technology.
As for specifics, that wouldn't be my area. I would be more like poking holes in why those things aren't private enough.
View Matthew Green Profile
NDP (ON)
We've heard lots of discussion around the prevalence of CERB fraud, and yet we hear Mr. Brouillard talk about 50,000 identities stored in the dark web. Have there been any early indications or cross-reference between information that was taken through these breaches and potential fraudulent applications for the CERB?
View Matthew Green Profile
NDP (ON)
Before that happens, Mr. Chair, can I just ask Mr. Jones if something like that would be in his purview before it's passed along?
Scott Jones
View Scott Jones Profile
Scott Jones
2021-05-31 16:15
We're really talking about two different things, Mr. Chair. I think there's the number of data breaches that have happened. The Privacy Commissioner of Canada, in our national cyber-threat assessment where we highlight this, said that 28 million Canadians last year had their information taken. That information has then been reused to target the Government of Canada. By reusing passwords, for example, somebody was able to log in.
We're not talking about information that was taken from the government. It was taken from other data breaches, but people reuse things. Our security questions are the same. What's your favourite colour? What school did you go to, etc.? That's the information these criminals have stolen, and because passwords are horrible and we all have too many of them, we tend to reuse them. A lot of Canadians reuse them, and so those were able be reused. That's what credential stuffing is. Really, we're talking about information from other data breaches then turned and used against the Government of Canada. But Marc, maybe—
View Matthew Green Profile
NDP (ON)
I do say this respectfully, because it's not often that we have a member from the Communications Security Establishment before us. This is why I'm trying to get the most out of this intervention, because I don't know when you may be back.
Is there a scenario—this is for my own edification—where the information that might have been obtained through the CRA's vulnerabilities could then have been used to re-access fraudulent CERB applications? Maybe I'm oversimplifying it or conflating it.
I'd love to hear from you, Mr. Jones.
Scott Jones
View Scott Jones Profile
Scott Jones
2021-05-31 16:16
I think that would be a pretty unlikely scenario, to be frank, because that wasn't what we saw happening here. We saw Canadians being impersonated in this activity where they were using their legitimate credentials, so essentially logging in as them. I think that's kind of my overall response to this, but Marc might be able to tell you more.
View Joël Lightbound Profile
Lib. (QC)
Have you seen an acceleration as a result of the pandemic? I think that this was noted in your report.
People are spending more time online, and there are more conspiracy theories, for example.
Has this affected radicalization and the rate?
View David McGuinty Profile
Lib. (ON)
For each of the five topics that we covered in the report, we tried to provide, at the end of a chapter, an analysis of what has happened since the COVID-19 pandemic and the impact on the five areas.
In that analysis, we know there has been a decrease in mass gatherings. We know there has been a closure of public spaces and limits on travel. These things may have had a bearing on driving activity further online.
This is something the RCMP is examining. They believe it could result in people looking for advice or information over the Internet and accessing what we call extremist echo chambers. We believe that COVID-19, more social isolation and more financial hardship during the restrictions have likely put more of this type of IMVE and incel activity online.
View Greg Fergus Profile
Lib. (QC)
I'd like to thank the witnesses for being with us.
As I'm sure you've noticed, this is a very thorny issue that deeply affects all members of Parliament who have participated in these meetings. Before I put my question to the two ministers, I'd like to raise a few points.
Mr. Lametti, you said that we have a very powerful law, but that a few things need to be strengthened to better reflect the international nature of cybercrime, if I can use that term, because the actions of MindGeek and Pornhub are indeed criminal. The problem is the location of their computer servers.
I can also note that despite the fact that a willingness to act seems to transcend partisanship, the official opposition voted against increased funding for the RCMP to combat the scourge of online child pornography. That said, I know that the members here are acting in good faith and that they want to do the right thing now.
Mr. Lametti and Mr. Blair, what do you need, both in terms of resources and improvements to the legislative framework, to address these crimes in a way that takes into account their international nature due to the nature of the Internet?
What other tools and funding are needed to properly prosecute these people and bring justice to the victims of these crimes?
View Bill Blair Profile
Lib. (ON)
Thank you very much, Mr. Fergus, for what is a very important question.
As you've already indicated, we do supply funding to the RCMP to run the National Child Exploitation Crime Centre, which has a number of significant responsibilities, including the investigation of these predators to gather the evidence to bring them to court and to prosecute them. It also has the purpose of identifying and rescuing victims on the international front.
Because of the nature of online harms generally, and certainly of this most terrible crime, there is a very significant international component. That's why, in the five-country ministerial meetings that I have attended for each the last three years, the focus in each of those meetings has been on online child sexual [Technical difficulty—Editor] and implementation of principles to guide industry efforts to combat online crimes and child sexual exploitation.
In addition, we are part of an initiative called the WePROTECT Global Alliance, which is a movement dedicated to national and global action to end sexual exploitation of children online. It includes like-minded states, NGOs and civil society organizations.
Finally, Mr. Fergus, I would point out that the RCMP actually chairs a group called the Virtual Global Taskforce on child exploitation. This is an international law enforcement alliance that is engaged in intelligence sharing, data sharing and dealing with this issue globally. I think it is a demonstration of both Canada's commitment and the RCMP's global leadership on this critically important issue.
View David Lametti Profile
Lib. (QC)
Mr. Fergus, I would just add that we're working with other countries on mutual legal assistance treaties to facilitate the exchange of information between our police forces, multilateral conventions on cybercrime, as well as bilateral agreements with countries such as the United States, for example, to facilitate the exchange of information in a context where it needs to be done quickly.
View Shannon Stubbs Profile
CPC (AB)
View Shannon Stubbs Profile
2021-04-12 12:15
Thanks, Chair.
I have some questions for you, Commissioner Lucki. I have been looking at the website for the various child sexual exploitation units in the RCMP. I would also just note the recent reporting by the director of Cybertip, who says that in 2020 his [Technical difficulty—Editor] spike over April, May and June [Technical difficulty—Editor] youth who had been sexually exploited and reports of people trying to sexually abuse children.
I wonder if you could confirm that cases of child sexual exploitation online have increased during the past year. In that context, could you also shed some light on exactly what the support and resources were that the public safety minister says he offered when he reached out to the RCMP after members of Parliament and victims spoke out on this travesty last year?
Brenda Lucki
View Brenda Lucki Profile
Brenda Lucki
2021-04-12 12:16
Thank you so much for that question.
COVID-19 especially has had a heightened risk to children, as offenders have taken advantage of the fact that children are spending more time online and are often unsupervised. Since the onset of the pandemic, the centre has seen increased online activity related to online child sexual exploitation. From March to May 2020, the centre has recorded an approximately 36% increase in reports of suspected online child exploitation, attributed in part to the increase in viral media and a tangible increase in self-exploitation cases.
We also anticipate more reporting of child exploitation offences, both online and off-line, when the pandemic-related restrictions are slowly lifted and the children have access to trusted adults once again—their teachers, caregivers and community support services. It was largely limited at the onset of the pandemic, likely preventing children from reporting abuse to trusted adults outside of their homes, which is such a crucial part.
In terms of your question with regard to Minister Blair reaching out to the RCMP, whenever a huge...for example, when this arose about the increase in child exploitation, we're always having a conversation about the things we can do to prevent them. Obviously, we're looking at legislation and we're looking at the mandatory reporting act. We spoke about resources. We spoke about technology. We've talked about things within the acts and how that could improve law enforcement and how we could better reach out to law enforcement.
View Bill Blair Profile
Lib. (ON)
Thank you very much, Mr. Chair. I'll accept your remarks with respect to charm, but I'm afraid, with respect to looks, it's contrary to the evidence before us.
I'd like to thank the committee for the invitation today, and I'm pleased to present the 2021 supplementary estimates (C) and the 2021-22 main estimates for the public safety portfolio.
I'm very ably joined today by a number of my colleagues. Respectfully, in the interest of time, I will not introduce them, but I'd like to take the opportunity to acknowledge that, during these incredibly difficult and challenging times over the past year, they've all stepped up to the plate. They've been working diligently to keep our borders, communities and correctional institutions safe as well as to protect our national security.
Today, Mr. Chair, I believe these estimates reflect that work.
I'll go through the supplementary estimates (C) for 2021 in order to present these items chronologically. The approval of these estimates will result in funding approvals of $11.1 billion for the public safety portfolio, and that represents an increase of 3.3% over total authorities provided to date. I will briefly share some of the highlights here as they relate to how we manage our critical services during the pandemic.
The first is $135.8 million for the Correctional Service of Canada for critical operating requirements related to COVID-19.
The second is $35 million for Public Safety Canada, to support the urgent relief efforts of the Canadian Red Cross during the pandemic. Mr. Chair, as you know, the many volunteers and staff of the Canadian Red Cross have been there to support Canadians from the outset of this pandemic, including at long-term care homes right across the country.
I would ask this committee to join me in thanking them for all their service and for providing help where it was needed most. I’ll also note that this funding is in addition to the $35 million of vote 5 funding to Public Safety from Health Canada to support rapid response capacity testing being deployed to fill gaps in surge and targeted activities, including remote and isolated communities.
Included in these supplementary estimates is funding to enhance the integrity of our borders and asylum system while also modernizing the agency’s security screening system. This funding will ensure that security screening results are made available at the earliest opportunity under a reformed system.
I'd like to take this opportunity to highlight that CBSA employees have done a remarkable job in keeping our borders safe in response to COVID-19. I'd like to take the opportunity as well to thank them for their continued hard work in keeping Canadians safe.
We're also working through these supplementary estimates to increase funding to end violence against indigenous women and girls and to provide essential mental health services.
For the RCMP, we are investing significant funds through both the supplementary and main estimates to support improvements to the federal policing investigative capacity by bolstering its capability with additional policing professionals, investigators and scientists. This will be used to deal with federal policing initiatives, which include responding to money laundering, cybercrime such as child sexual exploitation, and national security such as responding to terrorism and foreign-influenced hostile activities.
Mr. Chair, if I may, I'll turn to the 2021-22 main estimates. The public safety portfolio, as a whole, is requesting a total of approximately $10 billion for this fiscal year. As I’ve previously noted, the portfolio funding has remained stable over the last few years. I will endeavour to break down the numbers by organization.
Public Safety Canada is seeking a total of $1.1 billion in the main estimates. This represents an increase of $329.9 million, or 45.5%, over the previous year. The bulk of this increase is due to the grants and contributions regarding the disaster financial assistance arrangements program, or DFAA. It’s an increase in funding based upon forecasts from provinces and territories for expected disbursements under the DFAA for this fiscal year. This represents a critical part of my portfolio as minister of Public Safety and Emergency Preparedness.
In these main estimates, increases also include $15 million for incremental funding to take action against gun and gang violence. As this committee knows, I introduced Bill C-21 in the House not very long ago, a bill designed to protect Canadians from firearm violence and to fulfill our promise of strengthening gun control.
Mr. Chair, I know that this committee will have the chance to review that legislation at some future date, and I look forward to discussing it with them at that time.
I want to focus on a number of ongoing issues and our responses to them, starting with Correctional Service of Canada, which is seeking $2.8 billion this fiscal year, which represents an increase of $239.8 million or 9.4% over the previous year. This net increase is primarily due to a net increase in operating funding, which includes an increase for transforming federal corrections as a result of the passage of the former Bill C-83, which introduced the new structured intervention unit model.
That bill represents a major change in the way our correctional institutions operate, and recent reports have been clear that more work must be done. Funding is just one part of the solution. With the creation of data teams, efforts to replicate best practices nationally and enhanced support from independent, external decision-makers, I am confident we will deliver on this transformational promise.
I want to again acknowledge the troubling findings that were made in the Bastarache report, which I know this committee has examined and reviewed with concern. We are seeking funds to establish the independent centre for harassment resolution. This will be responsible for implementing the full resolution process, including conflict management, investigations and decision-making.
Mr. Chair, we know more work needs to be done. I'd like to conclude by noting the importance of our oversight agencies. You will see in the main estimates that we are seeking to increase funding for the Office of the Correctional Investigator, the CRCC and the ERC, the latter by close to 100%.
With that, Mr. Chair, I thank you and the members of the committee for your patience as I delivered my opening remarks. I'm happy to answer questions that members may have about these estimates and the collective work of our portfolio.
View Pierre Paul-Hus Profile
CPC (QC)
How many officers do you have in Canada dedicated to online crime?
Brenda Lucki
View Brenda Lucki Profile
Brenda Lucki
2021-03-11 18:42
In national security in total, we have 600 resources, and that covers the entire gamut of the types of investigations we do. Of course, each and every one of those investigations touches on the cyber portion of the investigations, but they aren't specific to cybercrime specifically.
View Pierre Paul-Hus Profile
CPC (QC)
Thank you, Mr. Chair.
Ms. Lucki, in March 2020, you mentioned in your report that you did not have enough resources for terrorism, foreign interference and cybercrime.
If we set terrorism aside, do you have the same problem with foreign interference and cybercrime a year later?
Brenda Lucki
View Brenda Lucki Profile
Brenda Lucki
2021-02-25 20:00
Yes, we are constantly working on foreign interference. It's one of our priorities.
In the national security programme, we have the primary responsibility for investigations of that nature, and obviously we work with our domestic and international partners to investigate those illegal activities where such foreign interference is suspected. We also work with our security and intelligence partners to detect and disrupt the interference activity of these foreign actors. This type of activity can manifest itself in different ways.
View Pierre Paul-Hus Profile
CPC (QC)
Resources were a problem for you. Have you obtained additional resources, or are you at the same point as in 2020?
Brenda Lucki
View Brenda Lucki Profile
Brenda Lucki
2021-02-25 20:00
We have not increased our resources in this area.
Brenda Lucki
View Brenda Lucki Profile
Brenda Lucki
2021-02-25 20:00
But in the federal policing program we have the flexibility that if such a file raises itself.... For example, when we had the terrorist file in Kingston, we were able—and that's the beauty of the RCMP—to move the experts into the area from across Canada and get those specialized resources into that area to investigate those files.
Scott Jones
View Scott Jones Profile
Scott Jones
2020-12-09 15:32
Thank you very much for that, Mr. Chair.
Good afternoon, committee members.
Thank you for the invitation to appear today to discuss cybersecurity and specifically the “National Cyber Threat Assessment 2020” report released on November 18.
As the head of the Canadian Centre for Cyber Security at the Communications Security Establishment, I am very pleased to be here. CSE is Canada's foreign intelligence agency and lead technical and operational agency for cybersecurity. As was mentioned, I have appeared here a few times before.
Created in 2018, the cyber centre is a unified source of expert advice, guidance and support on cybersecurity operational matters. We work closely with other government agencies, industry partners and the public to improve cybersecurity for Canadians and to make Canada more resilient against cyber-threats.
Our goal with the national cyber-threat assessment is not to frighten Canadians or to be downers, but rather to inform all of us about the threats we will be facing in the coming years. I hope it spurs many of us to take simple actions to protect ourselves. We have seen that easy, simple actions can greatly increase our individual security.
Canada is one of the most connected countries in the world, which the NCTA highlights, and the COVID-19 pandemic has accelerated our reliance on the Internet to meet basic needs. We are increasingly leading our lives online, and at the same time threat actors continue to pursue new ways to use the Internet for malicious purposes. While this assessment does not provide specific mitigation advice, more guidance and best practices can be found on the cyber centre's website and through our “Get Cyber Safe” public awareness campaign. As I've said before, by taking even a single action, all Canadians can help shape and sustain our nation's cyber-resilience.
For those Canadians who would like to learn more, we have also published an updated “An Introduction to the Cyber Threat Environment”, which I will confess I may slip and call the “cyber primer”, in which we explain many of the terms and techniques used in cybersecurity.
The assessment analyzes cyber-trends since 2018 and draws upon the cyber centre's unique view of the cyber-threat environment to forecast those trends to around 2022. The assessment also highlights the most relevant cyber-threats to Canadian individuals and organizations.
Before I discuss those threats further, though, I would note that the assessment's findings are based on reporting from multiple classified and unclassified sources, including those related to CSE's foreign intelligence mandate. While the cyber centre must protect classified sources and methods, we have tried to provide readers with as much information as possible, including footnotes.
I'll now provide a brief breakdown of the cyber centre's key findings regarding the cyber-threat landscape. Broadly, these can be grouped into three key observations for our discussion today.
The NCTA 2020 highlights several key observations.
First, cybercrime is the threat most likely to impact Canadians now and in the years ahead, and cybercriminals often succeed because they exploit human and social behaviours.
Second, ransomware directed against Canada will almost certainly continue to target large enterprises and critical infrastructure providers.
Finally, while cybercrime is the main threat, state-sponsored cyber-programs of China, Russia, North Korea and Iran pose a strategic threat to Canada.
First, we assessed that cybercrime remains the threat most likely to impact Canadians. Now and in the years ahead Canadian individuals and organizations will continue to face online fraud and attempts to steal personal, financial and corporate information. Cybercriminals often succeed because they exploit deeply rooted human behaviours and social patterns as well as technological vulnerabilities. Unfortunately, as a result of this reality, Canadians are more at risk for cybercrime than ever. This has only increased during the COVID-19 pandemic.
Malicious cyber-actors are able to take advantage of people's heightened levels of fear to lure and encourage victims to visit fake websites, open email attachments and click on links that contain malware. These website emails and links frequently impersonate health organizations or the Government of Canada. Defending Canadians against these threats requires addressing both the technical and social elements of cyber-threat activity.
Second, the ongoing safety of Canadians depends on critical infrastructure as well as consumer and medical goods, many of which are increasingly being connected to the Internet by their manufacturers. However, once connected, these infrastructures and goods are susceptible to cyber-threats, and maintaining their security requires investments over time from manufacturers and owners that can be difficult to sustain.
We have assessed that ransomware directed at Canada will continue to target those large enterprises and critical infrastructure providers. As these entities cannot tolerate sustained disruptions, they are often willing to pay up to millions of dollars to quickly restore their operations. Many Canadian victims will likely continue to give in to ransom demands due to the severe costs of losing business and rebuilding their networks and the potential consequences of refusing payment. The protection of these organizations and networks is crucial to the productivity and competitiveness of Canadian companies, and vital for Canada's national defence.
Finally, state-sponsored actors are very likely attempting to develop cyber-capabilities to disrupt Canadian critical infrastructure to further their goals. However, we judge that it is very unlikely that cyber-threat actors will intentionally seek to disrupt critical infrastructure and cause major damage or loss of life in the absence of international hostilities. Nevertheless, cyber-threat actors may target Canadian critical organizations to collect information, pre-position for future activities, or as a form of intimidation.
While cybercrime is the most likely threat to impact the average Canadian, state-sponsored cyber-programs of China, Russia, North Korea and Iran pose the greatest strategic threat to Canada. We have assessed that state-sponsored actors will almost certainly continue to attempt to steal Canadian intellectual property, proprietary information and, in today's context, information specifically related to COVID-19.
We have also assessed that online foreign influence campaigns are no longer limited to key political events such as election periods. They are now the new normal. Adversaries now look to sustain their influence campaigns across all levels of discourse deemed to be of strategic value. While Canadians are often lower-priority targets for online foreign influence activity, our media ecosystem is closely intertwined with that of the United States and other allies, which means that when their populations are targeted, Canadians become exposed to online influence as well.
I want to reassure you that CSE and the cyber centre are working hard to mitigate many of these threats and protect Canadians and their interests through targeted advice and guidance. CSE continues to leverage all aspects of its mandate to help ensure that Canada is protected against threats. Not only is the “National Cyber Threat Assessment” meant to inform Canadians, but it is also setting the priorities for action by the cyber centre on what actions we can take, often with partners in the private sector who are willing to stand up and assist in directly addressing these threats facing each of us.
A key example of this type of partnership is the Canadian Shield initiative from the Canadian Internet Registration Authority, CIRA. CIRA Canadian Shield is a free, protected DNS service that prevents you from connecting to malicious websites that might affect your device or steal your personal information. The service is provided by the Canadian Internet Registration Authority, a not-for-profit agency that manages the “.ca” Internet domain. The service uses threat intelligence from the Canadian Centre for Cyber Security. In simple terms, if someone who is using Canadian Shield clicks on a link that is known to be malicious, they will be stopped from going to that bad site.
CIRA has seen a number of Canadians pick up the use of this tool, although we would certainly like to see it accelerated more. We are just past the six-month mark. We do recommend that all Canadians take advantage of this free service built by Canadians for Canadians and designed to protect Canadians' privacy.
Through targeted advice and guidance, the cyber centre is helping to protect Canadians' cybersecurity interests. We are dedicated to advancing cybersecurity and increasing the confidence of Canadians in the systems they rely on. We hope this report will help raise the bar in terms of awareness of today's cyber-threats. I encourage Canadians who are looking for easy-to-follow tips on cybersecurity, such as our holiday gift guide, to visit our website, GetCyberSafe.gc.ca.
For businesses and large organizations, or if you would like to read more of the publications of the cyber centre, we can be found at cyber.gc.ca.
Thank you again for the opportunity to appear before you virtually today. I'll be pleased to answer any questions you may have.
View Shannon Stubbs Profile
CPC (AB)
View Shannon Stubbs Profile
2020-12-09 15:40
Thank you, Chair.
Thank you to the witness for being here and for your time, your report and all of your work. It's eye-opening and deeply alarming, so I think we're all glad that you're there.
In your comments and in your report you touched on the cost of foreign hacking to western companies and governments, even to the tune of individual Canadians losing over $43 million to cybercrime fraud in 2019, according to the statistics from the Canadian Anti-Fraud Centre.
Could you explain to us what costs the criminals and the foreign state-sponsored actors who engage in foreign interference in our democracy and society face? I wonder if you have any comments on whether or not they seem to act with relative impunity, without any serious risk of costs to their actions.
Scott Jones
View Scott Jones Profile
Scott Jones
2020-12-09 15:41
Thank you for the question, Mr. Chair, and your comments on the report.
I think there are a few things. If we look at cybercriminals, they very much reply upon an extremely developed ecosystem that relies on things like anonymous financial transactions—Bitcoin and the like. Having online digital currencies really does facilitate that.
In terms of the risk, it's certainly a question that I wish one of my colleagues from the RCMP were here to talk about in terms of prosecutions, but it remains a challenging environment in which you can achieve fraud against a Canadian from remote jurisdictions. As the report points out, there are many jurisdictions in which you will not suffer consequences from local authorities because as long as you don't target their citizens, they're not going to go after you. A bit of a quid pro quo seems to exist, and it certainly has been highlighted in some of the research.
In terms of some of the costs, we do try to impose costs. The government has done a number of attributions to call out state activity that we feel is crossing thresholds and crossing lines. Earlier this year we called out Russia for its activity against vaccine research companies. We have certainly joined our allies a number of times to do that. That was one instance in which we joined in with the United Kingdom and the United States to do that, specifically because it was targeting our areas, but we have, at some points, along with our allies, called out behaviour of each of the four nations I mentioned.
View Shannon Stubbs Profile
CPC (AB)
View Shannon Stubbs Profile
2020-12-09 15:43
Could you expand on the importance of attribution and exposing their intent? Also, do you have any other comments on possible other options to fight back, such as sanctions or other tools?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-12-09 15:43
The value of attribution is pretty variable. The primary value of being a cyber defender and somebody who is worried about cybersecurity is that it spurs action. When we do an attribution, it tends to get organizations to take seriously the alerts we put out. When we say, “You need to apply this patch; it's important,” people will respond. When we say, “Apply this patch because country X is targeting this sector, ” they pay attention and they do it. It does have an effect domestically in getting the potential victims to take it seriously and to take action.
In terms of the international side, we certainly have not seen a significant change in the actors' behaviour because of it, but it does form norms. That is something that is probably more appropriate for my Global Affairs colleagues to talk about, and they're probably better positioned to talk about some of the things like sanctions and other aspects of foreign policy. I tend to try to stick to the technical and the cybersecurity elements.
View Angelo Iacono Profile
Lib. (QC)
Thank you.
For several years, we have been aware of the illegal activities and transactions that take place on the deep Web. For example, there is drug trafficking, prostitution, arms trafficking and even contract killings.
Can you tell us if we have been able to put in place means to reduce these worrisome activities and track the criminals in question?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-12-09 16:35
I think that investigators at the RCMP, or perhaps at the Sûreté du Quebec, for example, might be in a better position to answer about the investigation phase.
One of the risks we see is that the dark web is certainly facilitating cybercriminals and cybercrime tools. There is an entire ecosystem out there where you can go on and say, “I want a tool that's going to allow me to do this.” Let's say you want to target this type of organization, or even a specific organization. They'll bid and tell you what it will cost. You can pay for 24-7 support or you can pay for a custom tool to be developed for you to achieve your goals.
Then there's the organized crime that goes behind all of that. It is a large enterprise out there. It's facilitated by the dark web and anonymous payment systems like Bitcoin and online currencies. One of the key challenges is that the entire system is designed to be anonymous and to not have attribution.
View Pierre Paul-Hus Profile
CPC (QC)
Thank you, Minister. I will ask representatives of another department.
In your opening statement, you spoke about programs that were put in place quickly in response to the COVID-19 crisis. But this was accompanied in June by the inconvenient fact that the personal information of 5,500 people with a Canada Revenue Agency account had been compromised. Later, we learned that this was 11,200 accounts, some of which were accessible by means of a GCKey, a system that affects 30 departments, and other portals.
We even learned that these figures had quadrupled. According to information that we obtained, almost 50,000 Canadians had their personal information stolen when they were using government sites.
Can you confirm how many people in Canada were victims of identity theft as a result of using programs related to COVID-19 ?
View Joyce Murray Profile
Lib. (BC)
First, I'll say that we have a core responsibility to protect Canadians' information, and I take that very seriously. The government GCKey platform itself was not compromised, but like any large organization, the government's systems are constantly under attack using illegally acquired information and log-ins. We're committed to always responding, and I would like Marc to be able to talk more specifically about the numbers and what—
View Pierre Paul-Hus Profile
CPC (QC)
All right, I will let Mr. Brouillard answer.
I want to know whether 50,000 Canadians were victims of identity theft.
Marc Brouillard
View Marc Brouillard Profile
Marc Brouillard
2020-11-30 19:08
I can explain the situation to some extent.
The numbers changed as we conducted our investigation. According to the most recent reported figures, there were 9,300 GCKey accounts. This system is part of the identity program for more than 24 departments. The problem occurred more specifically at the CRA, which uses a different system. Of the 14 million CRA accounts, suspicious activities were identified in 48,500 accounts, which were then suspended.
View Pierre Paul-Hus Profile
CPC (QC)
Marc Brouillard
View Marc Brouillard Profile
Marc Brouillard
2020-11-30 19:09
I can't answer that. It's under investigation by the RCMP.
View Iqra Khalid Profile
Lib. (ON)
Thank you very much, Mr. Chair. I thank all of the witnesses here for your very compelling testimony.
I would like to start by giving Ms. DJ Switch the opportunity to finish her narrative of the events that Ms. Ojigho also highlighted. Ms. Switch, take your time, but I hope that you'll leave me some time to ask some follow-up questions. In your remarks, please also address the Cybercrime Act in Nigeria and its impact on your advocacy in the online space.
Please go ahead, Ms. Switch.
Obianuju Catherine Udeh
View Obianuju Catherine Udeh Profile
Obianuju Catherine Udeh
2020-11-06 13:22
Just to quickly round that up so that I can leave you some time, we were able to hold our ground. Then the military left after a commandant came and we got his name. We just guessed they must have found out there were a lot of people who were watching what was going on. Forty-five or 50 minutes later, the police came and did the same thing, and actually killed people. That's just to wrap it up as quickly as possible.
With regard to cybercrime in Nigeria, if I understand your question, yes, it's a problem. Just as I said when I started speaking, something about Nigerians is that we're very hard-working. We have this survival instinct at every level. There's this desperate need to survive. I'm not excusing that act, because it is criminal, but all I'm saying is something led to something. There's not enough sensitization. There's not enough education for people to understand what they can use their skills for. It's a broad scope. It's something that needs to be addressed, because there are intelligent people in Nigeria who don't use it for anything but criminal things online.
Results: 1 - 60 of 139 | Page: 1 of 3

1
2
3
>
>|
Export As: XML CSV RSS

For more data options, please see Open Data